NAME

DESCRIPTION

The ldapscripts are a set of shell (sh) scripts designed to manage
POSIX accounts in an OpenLDAP directory. They can be used as standalone
tools or within Samba 3.x's smb.conf file.

REQUIREMENTS

The main requirements are the OpenLDAP client tools (ldapadd,
ldapsearch, ldapdelete, ...). Other commands are called in the scripts
but should come with your OS (sed, grep, cut, ...).

CONFIGURATION

The main configuration of the ldapscripts is usually the file
/etc/ldapscripts/ldapscripts.conf (or
/usr/local/etc/ldapscripts/ldapscripts.conf, depending on your system).
Modify it to fit your needs before using the scripts. Each script also
uses a "runtime" file, usually /usr/lib/ldapscripts/runtime (or
/usr/local/lib/ldapscripts/runtime). You don't need to modify this
file.

TEMPLATES

Each script that adds information to the directory uses a template.
Templates are directly embedded at the end of the scripts but it is
also possible to use external template files (see GTEMPLATE, UTEMPLATE
and MTEMPLATE variables in the configuration file). Each template
consists of a preformatted LDIF file using special keywords that will
be replaced on-the-fly. Sample files are provided for your convenience:
ldapaddgroup.template.sample, ldapadduser.template.sample and
ldapaddmachine.template.sample. It is strongly advised to use those
files instead of modifying the embedded (default) templates in the
scripts.
Sample templates include every keyword you can use. One special
additional keyword is the <ask> keyword that will trigger user input to
get the attribute value interactively.

USING AS STANDALONE TOOLS

Each script can be used as a standard command-line tool. Check their
man pages to get help.

AVAILABILITY

The ldapscripts are provided under the GNU General Public License v2
(see COPYING for more details). The latest version of the ldapscripts
is available at: http://contribs.martymac.org

BUGS

Sometimes, a message like the following may appear in the log file:

    Additional information: value does not conform to assertion syntax

Setting slapd's debug level to 32 shows additional details:

    get_ava: illegal value for attributeType uidNumber

This is *not* a bug: the ldapscripts tend to use the power of LDAP
filters to easily find users (or groups) using either a uidNumber
(numerical value) or a uid (string value). The following filter (used
by ldapfinger(1)) will generate the above message if $_USER is a login:

    "(|(&(objectClass=posixAccount)(|(uid=$_USER)(uidNumber=$_USER)))(&(objectClass=posixGroup)(|(cn=$_USER)(gidNumber=$_USER))))"

because the filter part "(uidNumber=$_USER)" requires an integer but
gets a string. You can mostly ignore those warnings.
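
The sketch below is an added example, not code from the ldapscripts: it
builds the same filter but emits the uidNumber/gidNumber clauses only for
all-digit input, and escapes the value per RFC 4515 before interpolating it.
The helper names escape_filter_value and build_finger_filter are hypothetical.

```sh
#!/bin/sh
# Added example, not part of the ldapscripts distribution.
# escape_filter_value and build_finger_filter are hypothetical helper names.

# Escape the characters RFC 4515 reserves inside a filter assertion value.
# The backslash is handled first so later escapes are not escaped again.
escape_filter_value() {
  printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
                         -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# Build an ldapfinger-style filter for one login, group name or numeric id.
# Integer clauses are added only when the input is all digits, so slapd is
# never asked to compare uidNumber/gidNumber against a string.
build_finger_filter() {
  _val=$(escape_filter_value "$1")
  case "$1" in
    '')         # refuse to build a filter from an empty value
      return 1
      ;;
    *[!0-9]*)   # not purely numeric: match on names only
      printf '(|(&(objectClass=posixAccount)(uid=%s))(&(objectClass=posixGroup)(cn=%s)))\n' \
        "$_val" "$_val"
      ;;
    *)          # purely numeric: could be a name or a numeric id
      printf '(|(&(objectClass=posixAccount)(|(uid=%s)(uidNumber=%s)))(&(objectClass=posixGroup)(|(cn=%s)(gidNumber=%s))))\n' \
        "$_val" "$_val" "$_val" "$_val"
      ;;
  esac
}

# Constructed sample inputs: a login, a numeric id, a value with a wildcard.
build_finger_filter "jdoe"
build_finger_filter "1001"
build_finger_filter "j*doe"
```

The resulting string can be passed as the filter argument to ldapsearch(1).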
January 1, 2006 ldapscripts(5)